Malware with Terms of Service Pact

Friday, November 2, 2012 @ 12:11 PM gHale

In an arena with a clear market leader in the BlackHole exploit kit, there is a new kid on the block that is looking to take over as the top of the heap.

The Nuclear exploit pack has been around for a while, and its creator just released version 2.0. The exploit pack is currently seeing usage in several successful malicious campaigns, which end up delivering information-stealing Trojans and ransomware.

But what differentiates this offer from others is the cyber criminal is not looking for any kind of blame or fault for the criminal actions performed by customers, and he tries to achieve this by introducing Terms of Service that everyone must agree to before using the kit.

The Nuclear exploit pack’s TOS forbid actions that violate the law of the Russian Federation, acquisition of traffic using spam emails, iFrame-based traffic acquisition practices, testing the software on public services such (VirusTotal and others), offering Cybercrime-as-a-Service business services using the kit, and developing an affiliate program using the exploit kit, according to researcher Dancho Danchev.

The kit also lacks operational security features which would make the campaigns harder to detect and analyze, so it definitely can’t compete with the Blackhole exploit kit.